There is a very interesting discussion of the protection of Federal Networks and the Fourth Amendment in “Cybersecurity, Selected Legal Issues,” Congressional Research Service (CRS) Report for Congress (3 May 2012).

The Department of Homeland Security (DHS) in conjunction with the National Security Agency (NSA) rolled out EINSTEIN, an intrusion detection system (IDS) in early iterations, and later an intrusion prevention system (IPS) at all Internet points of presence (POPs) for the government.

The system works through copying, storage, and deep packet inspection of not only the metadata for addressing information, but also the actual contents of the flow. This handling is necessary in order to identify suspicious malware signatures and behavior and alert the United States Computer Emergency Response Team (US-CERT) in order to block, quarantine, clean, and respond to the attacks and share information about these.

However, the civil liberties and privacy issue with EINSTEIN is that according to the Fourth Amendment, we are protected from unreasonable searches and seizures. Thus, there are concerns about the violation of the Fourth Amendment when DHS monitors and inspects addressing and content of all email and Internet communications to and from federal agency employees and the public–including not only from government email accounts and systems, but also from private email accounts such as Yahoo and Gmail and social media sites like Facebook and Twitter.

The justification for the use of EINSTEIN includes:

1. The government cannot reasonably get warrants in real time in order to safeguard the federal network and systems at the speed that the attacks are occurring.

2. The government places banners and user agreements on all Federal networks notifying users of monitoring, so there is no expectation of privacy in the communications.

3. The monitoring is conducted only for malicious computer activity and not for other unlawful activities—so “clean” traffic is promptly removed from the system.

4. Privacy protections are ensured through review mechanisms, including Attorney General and Director of National Intelligence (DNI) reporting to Congress every six months and a sunset provision requiring monitoring reauthorization every four years.

This tension between monitoring of Federal networks and traffic and civil liberties and privacy is a recurring issue when it comes to cybersecurity. On one hand, we want cybersecurity, but on the other hand, we are anxious about this security infringing on our freedoms—whether freedom of expression, from search and seizure, from surveillance, or from potentially costly regulation, stifling innovation, and so forth. It is this tension that has stalled many cybersecurity bills such as the Stop Online Piracy Act (SOPA), Cyber Intelligence Sharing and Protection Act (CISPA), The Computer Security Act of 2012 and more.

In the absence of a clear way forward with legislation to regulate and enforce, or incentivize, standards and best practices for cybersecurity, particularly for critical infrastructure protection, as well as information sharing, the White House released Presidential Policy Directive/PPD-21 on Critical Infrastructure Security and Resilience to establish DHS and other federal agency roles in cybersecurity and to manage these on a risk-based model, so that critical infrastructure is identified, prioritized, assessed, and secured accordingly.

While PPD-21 is a step in the right direction, it is an ongoing challenge to mediate a balance between maintaining our values and constitutional freedoms, while at the same time securing cyberspace.

One thought is that perhaps we can model cybersecurity after the Posse Comitatus Act of 1878 that separated federal military from domestic national guard and law enforcement powers. Using this model, we can create in cyberspace a separation of cybersecurity from our borders outward by the federal government, and within the domestic private networks by our national guard and law enforcement.

Thus, we can create stronger security radiating out at the national periphery, while maintaining our important freedoms within, but always working together to identify and neutralize any and all threats to cyberspace. 😉

– Cost of conversion in terms of both money and time
– Concern that it can be used against them in medical malpractice suits
– Potential loss of patient privacy
– Lack of interoperability between existing systems (currently, “there are 551 certified medical information software companies in the U.S. selling 1,137 software programs”–the largest of which are from GE and Epic.)

The government is incentivizing the health care industry to make the conversion:

– HITECH Act (2009) “provides $27 billion in financial incentives” including $44K from Medicare and $63K from Medicaid over 5 years for outpatient physicians that can demonstrate “that they are using the technology to improve care.”
– Patient Protection and Affordable Care Act (2010)–a.k.a. Obamacare–calls for “accountable care organizations” to receive extra money from Medicare and Medicaid for keeping patients healthy, rather than by procedure–“they are expected to do so using computers.”

The big loophole in EHR right now seems to be:

– The lack of standards for EHR systems from different vendors to be compatible, so they can “talk” to each other.
– Without interoperability, we risk having silos of physicians, hospitals, labs, and so on that cannot share patient and disease information.

So, we need to get standards or regulations in place in order to ensure that EHR is effective on a national, and then even a global level.

A number of months ago, I went to a specialist for something and saw him a few times; what he didn’t tell me when I started seeing him was that he was retiring within only a few months.

Aside from being annoyed at having to find another doctor and change over, I felt that the doctor was not too ethical in not disclosing his near-term intentions to close up shop and giving me the choice of whether I wanted to still see him.

But what made matters worse is that I got a letter in the mail with the notification–not even in person–along with a form to fill out to request a copy of my medical records at a cost per page, so that I could transfer them–hardcopy–elsewhere.

Of course, this was also the doctor who hand wrote prescriptions still and wasn’t able to get test results online.

To me, seeing someone with a great amount of experience was really important, but the flip side was that in terms of organization, he was still in the “dark ages” when it came to technology.

I look forward to the day when we can have both–senior medical professionals who also have the latest technology tools at their disposal for serving the patients.

In the meantime, the medical profession still seems to have some serious catching up to do with the times technologically.

Let’s hope we get there soon so that we not only have the conveniences of modern technology, but also the diagnostic benefits and safeguards.

You have to go to Miami first and switch flights—it’s a two-legged trip.

But I decided after the first flight to just stay in Miami and not go on the second flight to the Keys.

Since the flight was overbooked—not only didn’t the airlines lose anything by me not going, they actually benefited by having my empty seat for another passenger—and making money twice off of the same seat.

Yet, the airline demanded that I pay them a change ticket fee.

This is the first time that I heard of being asked to pay extra for not using a product or service.

Common sense and basic business practice is that if you don’t use something, you get a credit or refund, but the airline was actually demanding I pay an extra fee for this so-called “change.”

I explained politely that I didn’t change anything and that I just wanted to be able to get home.

They said even by not getting on another flight that is a change—and as the customer service representative (and I choke on even calling him that) then went on to say, “you will pay for that mistake!”

I reiterated that I didn’t make a mistake or any change, I simply decided not to use the second leg of the trip.

I asked to see a copy of the policy or guidelines where I had to pay for not using something, but the customer rep refused this.

He may as well have said, “Who needs right, when we have might?”

Basically, it came down to, “If you want to go home, you will have to pay.”

As if this wasn’t enough, when I arrived at the airport, another airline representative made me put my rolling carry-on into the sizing device to check that it would fit in the overhead.

Dar-gone-it—I bought it specifically for just that purpose, as it was advertised—why go through this?

In the airport, in front of everyone, they made me empty my things out and put some in another bag to skinny the first–“just a little.”

Then they said, uh ha, now you have an extra carry-on we can charge you for—but I didn’t, I only had two bags, total!

Later, in the airport, I overpaid for a stale sandwich and diet soda.

And for the first time, even after going through airport security and showing my boarding pass and picture identification once, I was then asked to do it all over again—while “walking the plank” to board the flight, with suitcase and sandwich in hand.

Not long after I sat down, an airline attendant literally shoved my seat up straight, and then reminded me to put up my seat before takeoff! Yet the seat was already up—the whole time.

Another comes up and asks me if I was the one who asked about the Internet—no, it wasn’t me, but there’s another customer somewhere onboard who did ask about it—they just forget who it was—oh well.

It used to be that the airlines were just overcrowded, the bagged peanuts were skimpy, and the recycled air was nauseating, but now the flying experience is at a whole new level of yuck!

This is no way to run an industry, treat customers, or generally do business.

On the airline, the stewardess gets on the mic and says “welcome to {Blank} airlines” and hope you enjoy the ride—unfortunately, they are riding all of us. 😉
